Understand Disable self-review
The Disable self-review option lets you allow or restrict self-reviews for campaigns. This can depend on the criticality or sensitivity of the resources that are in the campaigns. This option is enabled by default for campaigns that review access to admin roles. When a campaign has self-reviews disabled, you can't approve, revoke, or reassign your own review item. This option is enabled by default for campaigns that review access to admin roles.
If the Disable self-review checkbox is selected for a campaign and the user and reviewer (who will be assigned the review) happen to be the same person, then at the time of campaign launch, Okta assigns the review to a different reviewer depending on the reviewer type:
-
Manager, Group owner, Resource Owner, or Custom: Okta assigns that review item to the fallback reviewer. If the fallback reviewer is deactivated, doesn't exist in Okta, or is the reviewer for their own review item, Okta assigns the review to the person who created the campaign.
If there are two or more group owners or resource owners as reviewers, Okta assigns that review item to other group owners who aren't the user.
If your org has Resource owners enabled, the Group Owner reviewer type setting is called Resource Owner. A group, app, entitlement, and entitlement bundle owners are considered as resource owners. Okta assigns resource owners as reviewers when the campaign launches:
-
If the entitlement owner is unavailable and there's a bundle that includes the entitlement, the bundle owner is assigned as the reviewer if the bundle is included in the resource scope of the campaign.
-
If the entitlement owner is unavailable and there are no bundles that include the entitlement, the app owner is assigned as the reviewer.
-
If the entitlement bundle owner is unavailable, the app owner is assigned as the reviewer.
-
If the app owner is also not available, then Okta assigns the review item to the fallback reviewer who's specified in the Reviewer settings for the campaign.
-
If the group owner isn't available, then Okta assigns the review item to the fallback reviewer who's specified in the Reviewer settings for the campaign.
Resource owners is an Early Access feature.
-
-
User: Okta assigns that review item to the person who created the campaign.
-
Group: Okta assigns that review item to other members of the group who aren't the user. If the group only has one member and that person is also the user in the campaign, Okta assigns the review to the person who created the campaign.
The campaign fails to launch if Okta assigns the review item to the person who created the campaign and any of the following conditions are met:
-
The user who created the campaign doesn't exist in Okta.
-
The user who created the campaign is the reviewer for their own review item.
When a campaign has self-reviews disabled, you can't approve, revoke, or reassign your own review item. This option is enabled by default for campaigns that review access to admin roles.